Cyber Posture

CVE-2026-24832

Critical

Published: 27 January 2026

Modified: 05 February 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (18.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24832 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Ixray-Team Ix-Ray Engine 1.6. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 18.5th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mandates timely identification, reporting, and patching of the out-of-bounds write flaw in ixray-1.6-stcop versions before 1.3.

Prevent: Provides runtime memory protections like ASLR, DEP, and stack canaries to block exploitation of the out-of-bounds write vulnerability.

Detect: Requires vulnerability scanning to identify and prioritize systems running vulnerable ixray-1.6-stcop versions before 1.3.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Unauthenticated remote out-of-bounds write (CWE-787) with CVSS 9.8 AV:N/PR:N/UI:N directly enables exploitation of a public-facing application for RCE or similar impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.

Deeper analysis

CVE-2026-24832 is an Out-of-bounds Write vulnerability (CWE-787) in ixray-team's ixray-1.6-stcop software. This issue affects ixray-1.6-stcop versions before 1.3. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability.

The referenced GitHub pull request at https://github.com/ixray-team/ixray-1.6-stcop/pull/257 addresses this vulnerability, indicating that updating to ixray-1.6-stcop version 1.3 or later mitigates the issue.

Details

CWE(s)

CWE-787 (Out-of-bounds Write)

Affected Products

ixray-team · ix-ray engine 1.6 · ≤ 1.3

CVEs Like This One

CVE-2026-24870 · Same product: Ixray-Team Ix-Ray Engine 1.6
CVE-2026-24831 · Same product: Ixray-Team Ix-Ray Engine 1.6
CVE-2026-27703 · Shared CWE-787
CVE-2026-21897 · Shared CWE-787
CVE-2025-29385 · Shared CWE-787
CVE-2025-26508 · Shared CWE-787
CVE-2025-29386 · Shared CWE-787
CVE-2025-25742 · Shared CWE-787
CVE-2026-5442 · Shared CWE-787
CVE-2024-57582 · Shared CWE-787
